How to get specific process with specific owner


I'm trying to monitor the functioning of an older app. There might be many instances of this app, but the only one I care about runs in a specific user context - all of the others will be running in the localsystem context, and do not reliably indicate whether the app is healthy. If there are no instances of the app running in this specific user context, we must be alerted so that we can correct the problem.

I've been able to run a manual WMIC query (wmic /node:computer1 /user:"kurt-server@example.com" process where name="foo.exe" call getowner) to list the process with that name and their respective owners, but am not seeing how to narrow down the output to determine if the particular foo.exe is being run by user baz.

We've got PRTG 14.4.12.3510+ running on Win 2008 R2. I've upgraded powershell on it to v4, if that's any help.

Any help in configuring this would be much appreciated.

Kurt

batch-file process wmi-process-sensor

Created on Jan 7, 2015 9:15:25 PM by  kurtbuff (0) 1



8 Replies


Dear kurtbuff

This can only be done if you write a complete script, not with a single WMI query. Please have a look at the getowner() method of the Get-WmiObject win32_process query.

Created on Jan 9, 2015 2:17:20 PM by  Arne Seifert [Paessler Support]

Last change on Apr 25, 2017 11:59:49 AM by  Arne Seifert [Paessler Support]




Thanks. I will investigate writing this up in PowerShell, and will post back a sample once I get it working.

Kurt

Created on Jan 9, 2015 5:08:09 PM by  kurtbuff (0) 1




Gave up on powershell. Instead, I'm using a very simple batch file, and still can't get it to work.

I've put together a batchfile, and it works just fine when run manually (that is, it does return 0 when at least one instance of the executable is in memory running in the context of the stated user), but fails with the following message:

"\Windows\system32>wmic /node:computer process where name="example.exe" call getowner | findstr username
ERROR: Description = Access is denied.
1 was unexpected at this time.
C:\Windows\system32>if 1 1 goto SendMessage"

The batchfile looks like this (send-message.cmd uses blat to send an email to several people):

----------
wmic /node:computer process where name="example.exe" call getowner | findstr username
if %errorlevel% 1 goto SendMessage
if %errorlevel% 0 goto ExitClean

:SendMessage
"c:\program files (x86)\prtg network monitor\custom sensors\exe\send-message.cmd"
echo 2:example.exe Not Running
Exit 2

:ExitClean
echo 0:ok
Exit 0
----------

Created on Jan 12, 2015 10:22:50 PM by  kurtbuff (0) 1




Please check if you set the proper security context for the script. This can be done in the sensor configuration tab.

Created on Jan 13, 2015 12:45:49 PM by  Arne Seifert [Paessler Support]




I have tried both settings: "Use security context of probe service" (the service runs under localsystem) and "Use Windows credentials of parent device" (which inherits all the way from the device group of which the monitored server is a member, and that account has local admin rights on the monitored machines.)

Neither works.

Kurt

Created on Jan 13, 2015 4:55:16 PM by  kurtbuff (0) 1




Dear Kurt

Please try PowerShell for these kinds of queries. When you set the correct executionpolicy, the script should run.

Created on Jan 14, 2015 3:01:31 PM by  Arne Seifert [Paessler Support]




Did you ever get a powershell script to accomplish this? I'm looking for the same result and my powershell abilities are not getting me to the right solution.

Created on Apr 24, 2017 9:24:43 PM by  benhar77 (0)




Here is an (extremely simple) example, using local WMI, which just lists the owner name of each process:

$processes=Get-WmiObject win32_process
foreach ($process in $processes)
   {
   $owner=$process.GetOwner()
   write-host $process.Name "is owned by" $owner.User
   }

Created on Apr 25, 2017 12:19:40 PM by  Arne Seifert [Paessler Support]
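
The check asked for in this thread, combining the name filter with GetOwner(), as an added example that is not part of any post above and is not Paessler's code. It prints the same value:message lines and uses the same exit codes as the batch file earlier in the thread; the parameter names are hypothetical, and the defaults reuse computer1, foo.exe and baz from the question.

```powershell
# Added example (not from the thread). Parameter names are hypothetical;
# the defaults reuse computer1, foo.exe and baz from the question.
param(
    [string]$ComputerName = 'computer1',
    # Restrict the name so no quote characters reach the WQL filter.
    [ValidatePattern('^[\w.\-]+$')]
    [string]$ProcessName  = 'foo.exe',
    [string]$OwnerUser    = 'baz',
    # Optional: empty matches any domain, set it to tell a local account
    # from a domain account with the same name.
    [string]$OwnerDomain  = ''
)

$query = @{
    Class        = 'Win32_Process'
    ComputerName = $ComputerName
    Filter       = "Name='$ProcessName'"   # filtered on the target host
    ErrorAction  = 'Stop'
}

try {
    $procs = @(Get-WmiObject @query)
}
catch {
    # Access denied, RPC unavailable and similar: report it, do not guess.
    Write-Output "2:WMI query failed: $($_.Exception.Message)"
    exit 2
}

$count = 0
foreach ($p in $procs) {
    $owner = $p.GetOwner()
    # ReturnValue 0 means the owner was read; anything else (no rights,
    # process already gone) is not counted as a match.
    if ($owner.ReturnValue -ne 0) { continue }
    # -ne/-eq on strings are case-insensitive, which suits account names.
    if ($owner.User -ne $OwnerUser) { continue }
    if ($OwnerDomain -and $owner.Domain -ne $OwnerDomain) { continue }
    $count++
}

if ($count -gt 0) {
    Write-Output "0:ok"
    exit 0
}
Write-Output "2:$ProcessName Not Running as $OwnerUser"
exit 2
```

The script runs with the rights of whatever account launches it, so that account needs remote WMI access to the target and permission to read the owner of another user's process. An "Access is denied" like the one quoted earlier in the thread would surface through the catch branch rather than being mistaken for "not running".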


